Being hacked is horrible. How to protect yourself..

I’m sorry that this is such a long post – but it needs to be! I could write a whole other post on the kindness of friends and strangers – which I will definitely do. But this post is about protecting you on Instagram & Facebook from the people out there who are less than kind! It is accurate to the best of my (limited) knowledge when it comes to these things. 

It all started innocently enough. It was a normal Wednesday morning in early June – whatever “normal” means during lockdown!

I had arranged go running with a friend early doors and before getting out of bed I glanced, bleary eyed, at my phone.  There were a couple of emails from Facebook saying that someone had tried to re-set my password.

“Huh.” I thought to myself. “It’s a scam. These people are trying to get access to my account so that THEY can change my password. Nice try but I’m not going to fall for it.”

And so I went on my run.

A couple of hours later I re-visited my inbox and saw a few more emails from Facebook. I thought that I had better investigate them and decided to change my password, just to be safe. I went into my account and saw that someone else had been appointed as an admin and so I removed her. She had also added a friend (I took a picture of her on my phone).  And then I changed my password.

As soon as I’d done that, another message pinged in, saying that my password had been re-set again. And so it started. A half an hour game of “password ping pong” whereby I frantically re-set my Facebook password and someone immediately re-set it. It happened about five or six times. It was a horrible half an hour and I felt sick the whole time. It has become a common feeling this last few weeks.

Everything suddenly came to an abrupt halt when I received a message from Facebook saying that I had breached the community guidelines on two of my Facebook pages and my accounts had been suspended.  I was then instructed to secure my FB account, which I did. And then as far as I could tell, my account had disappeared.

So that’s how they did it. They accessed my accounts and breached the security guidelines, knowing that FB (and thereby IG) would shut me down.

And then the messages started pinging in on WhatsApp. People were telling me that my Instagram account was looking odd. At first people could see the header, including my bio, but no pictures. And then it disappeared entirely. And that was it. My account no longer existed.

The problem that I had was that Instagram no longer recognised me, so whereas usually you can notify them via the App that something untoward has happened – I couldn’t do this.

Somehow – and I still don’t know how – because everything was a bit frantic – either my son or I managed to notify IG that I had been hacked. IG sent me an email asking me to complete a form to explain/justify why my account shouldn’t be permanently suspended. WHAT? I hadn’t even done anything.

So I completed the form but I couldn’t submit it because again, to all intents and purposes, I didn’t exist as a user on the App. So instead I copied and pasted the contents of that form into a reply email to Instagram – hoping that a real person would actually see it and do something.

I was then sent a code by Instagram. I was asked to write it on a piece of paper and take a photograph of me holding it, showing my face and my hands, and submit it to them, which I did. Things looked vaguely hopeful. And then silence.

So what do you do in that situation? Well I really didn’t have any idea because I didn’t know what might happen next or how long it might take or how, weeks later, I would still have people trying to access my accounts.

But the purpose of this post is to let you know what steps you can take to keep yourselves safe on your accounts. I have since come across people with accounts bigger than mine, who didn’t have any protection on theirs either. So whilst part of me feels naive for not having protected myself better, it’s important to remember that when we’re hacked we are victims.  It’s the hackers who are in the wrong. Not us.

Things that it’s good to know..

  • The Instagram in box associated with the account from which they send emails is looked at by real people and not just “bots” but you will be in a VERY long queue;
  • Whilst Instagram and Facebook are linked, they are actually separate entities. Apparently this was because if they were one entity, they would have had too much of a monopoly. What this means in reality is that you are dependent on them talking to one another, if you wish to make any progress;
  • It also means that if people get access to one account, they can gain access to the other. So it’s a good idea to change your email account associated with your Facebook;
  • If people have hacked your FB/IG accounts, there’s a strong likelihood that they can intercept emails from Facebook and can nip in and re-set your password AS WELL AS being able to access other accounts and passwords associated with that email address. So change all of your passwords on all of your accounts that could be compromised;
  • Using “Last Pass” is a great way to keep your passwords safe and access various accounts (netflix, amazon etc) without needing to remember your passwords, or write them down;
  • Facebook are based in the US, London, Dublin and Portugal so it can make things a little tricky to get hold of them;
  • It also means that if you are, in fact, the one changing your password, it may mean that you receive an email from Facebook telling you that someone tried to change it 8 hours or so before you did – just to add to the confusion;
  • It is not always possible to tell whether emails are coming from Facebook or not – although they do issue guidance on this. For a while, all of the emails that I received from Facebook had Arabic in their logo, which kind of threw me;
  • If you can still actually see your Instagram account, things probably aren’t too bad and it may just be a case of re-setting your password and/or submitting photo ID to gain access. It may take a while but if it’s still there, that’s a good sign. If you think things are starting to look funny, take screen shots of what you are still able to see;
  • If you do decide to set up a new account, don’t use the same user name. Luckily I had chosen a similar, but different, user name but I subsequently found that had I used the same user name, I wouldn’t have been able to get my old account back (I don’t know whether this is accurate or not but it’s what I was told.)

Steps you can take to protect yourself on Instagram

So let’s assume that you’re now going to put all of the safety features in place so that you can’t get hacked in the first place. I’ll then go on to give you the links to the forms that you will need should you get hacked.

I’m going to talk you through the steps one by one because the reality is, I had heard about 2 factor but I didn’t quite understand what it meant or how to go about putting it on. I was busy building my online business and thought that I would get around to it “at some point.” The problem is, if you get hacked, it’s quite hard to grow your online business. Lesson learned.

So what is 2 factor authentication?

Think of it as an added layer of protection to your account. A little bit like having an alarm on your house, so if anyone tries to get in, you get notified.

What Instagram does when you have 2 factor on is send a code to your phone (or to wherever you’ve asked them to send it) which you have to submit in order to gain access to your account. So say you’re trying to log into your account through your child’s phone, Instagram will text message a code to your phone (or your chosen means of communication) for you to enter, so that you can log in from that device.  If a person doesn’t have the code, they shouldn’t be able to log in….in theory!

OK so how do you put 2 factor on? Just look at the images below and click the buttons outlined in purple

First click on the “ladder” in the top right hand corner of your page…

Then click on settings…

Next click on security…

Next click on two factor authentication and when you have done that, just slide the button to “on”

Next you will get an option to install an Authentication App on your phone. This serves as another layer of security and is really worth doing. I have the one recommended by google. It’s free and all that you have to do is to go to the app store and download it. Then follow the instructions and it will “pick” your IG account up. You can use the app for more than one platform. I have both IG accounts and my FB accounts all registered to the same app so if I want to change my password etc, I just hop over there, grab the code and enter it when asked.


Something else to do!

Check your login activity. By clicking on this, you can find out from where your account has been logged into. Leominster and Aberystwyth appeared on mine today which was interesting, given that I had two factor on. When you hit login activity you get the option of confirming or denying whether the login was you or not. If it wasn’t you, you can log that device out. You must then change your password.

If you’re feeling overwhelmed by all of this at this point don’t! Just drop me a message and I’ll talk you through it. It’s easy to turn away from it thinking that you’ll come back to it but honestly don’t do that. Just do it now!


And one last thing that you can do is to download the contents of your IG account, so that if they are hacked, you won’t have lost everything. Sometimes you don’t realise the value of things until they are lost, so whether they are pictures of your cats, your kids, or your favourite cakes, this is worth doing too. Just click on the screen below and enter your email address. It takes 48 hours to receive the content. I’m still waiting for mine so I don’t actually know what this “looks” like on arrival. But this is the mechanism by which you go about doing it!


If you find yourself in the unfortunate position of being hacked via Instagram (as opposed to Facebook) these are the steps to take…

  • Go to the Instagram Help Centre 
  • Type in “hacked” in the search bar at the top of the page. A number of articles will appear;
  • This article will probably be the one that you want and will contain the forms that you need “I think my Instagram Account Has Been Hacked” Read that article and follow the steps outlined;
  • Check the inbox associated with your Instagram account as that’s where they will send the messages (it sounds obvious but sometimes the accounts registered with our Instagram accounts aren’t the ones that we use every day)
  • Screen shot what you can see of your account;
  • Check whether the email address associated with your Instagram account has been changed;
  • One lady on Instagram who had been hacked checked the people that her Mum was following (knowing that she was following very few people) and she could see her account there but under a different name. Use this to demonstrate to Instagram what had happened;
  • Let everyone know what has happened. Sometimes things are resolved quickly. For me it took weeks. The more irons that you have in the fire, the more chance that you have of getting things fixed.

Steps to take to protect yourself on Facebook

  • Put 2 factor authentication on, on your Facebook Account;
  • If you have a “Business Manager” account you will also need to do it on this too;
  • Use an authentication app as per Instagram. You can use the same one;
  • Change your email address associated with your Facebook account (I set up a new one via proton mail, which has a password associated with it)

I am by no means an expert on any of any of this. But I have way more knowledge now than I wish I had. All I would say is that it can be an exhausting and stressful experience. My business plans were totally de-railed and I spent hours and hours and hours trying to get things sorted, as well as trying to build, and engage on, my new Instagram account. I was lucky and I received so much support but nonetheless, it was pretty grueling and emotional.

The good thing? When Facebook email you to say that someone has changed your password, they give you the IP address of the person changing it. All I would say is keep those emails. You just never know when you might need them.

Today I hit 10k on my new account. It feels like a turning point. As though things might finally return to some sort of normal.

I don’t like to cross my fingers too much because each time I’m think I’m there, something else happens to throw a spanner in the works. But hopefully everything is now secure and I won’t dread the pinging of my phone each time an email comes in.

I know this is long but I hope that it’s helpful.

Beth x


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.